/** 
	RIPS - A static source code analyser for vulnerabilities in PHP scripts 
		by Johannes Dahse (johannes.dahse@rub.de)
**/

function editExploit()
{
	document.getElementById('exploitcode').style.display = "none";
	document.getElementById('exploitbuild').style.display = "block";
}

function deleteMethod(method)
{
	document.getElementById(method+'box').style.display = "none";
}

function getQuery(method)
{
	var query = "";
	var elements = document.getElementById(method).elements;
	for(var i=0;i<elements.length;i++)
	{
		query = query + elements[i].name + '=' + encodeURIComponent(elements[i].value);
		if(i != elements.length-1)
			query = query + '&';
	}
	return query;
}

function createExploit()
{
	var name = "";
	if(document.getElementById('$_GET') != undefined)
		name = name + 'GET, ';
	if(document.getElementById('$_POST') != undefined)
		name = name + 'POST, ';	
	if(document.getElementById('$_FILES') != undefined)	
		name = name + 'FILES, ';
	if(document.getElementById('$_COOKIE') != undefined)
		name = name + 'COOKIE, ';
	if(document.getElementById('$_SERVER') != undefined)
		name = name + 'SERVER, ';	
		
	var output = "//<br>// HTTP "+name+" <input type=button class='Button' value='edit' onClick='editExploit()'>";
	output = output + "<br>//<br><br>$target = $argv[1];<br><br>";

	var target = document.getElementById('target').value;
	var cookiejar = document.getElementById('cookiejar').value;
	var exectime = document.getElementById('exectime').value;
	var ssl = document.getElementById('ssl').checked
	var auth = document.getElementById('auth').checked
		
	if(document.getElementById('$_FILES') != undefined)
		output = output + "$postData = array();<br>$postData[ 'file' ] = \"@" + document.getElementById('$_FILES').elements[0].value + "\";<br><br>";
	
	if(auth)
	{
		output = output + "$username = \"\";<br>$password = \"\";<br><br>";
	}

	output = output + "$ch = curl_init();<br>curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);<br>";
		
	if(document.getElementById('$_GET') != undefined)
	{
		var getquery = getQuery('$_GET');
		output = output + "curl_setopt($ch, CURLOPT_URL, \"" + target + '?' + getquery + "\");<br>";
		output = output + "curl_setopt($ch, CURLOPT_HTTPGET, 1);<br>";
	}
	else
	{
		output = output + "curl_setopt($ch, CURLOPT_URL, \"" + target + "\");<br>";
	}
	
	output = output + "curl_setopt($ch, CURLOPT_USERAGENT, \"Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)\");<br>";

	
	if(document.getElementById('$_POST') != undefined || document.getElementById('$_FILES') != undefined)
		output = output + "curl_setopt($ch, CURLOPT_POST, 1);<br>";

	if(document.getElementById('$_POST') != undefined)
	{
		var postquery = getQuery('$_POST');
		output = output + "curl_setopt($ch, CURLOPT_POSTFIELDS, \"" + postquery + "\");<br>"; 
	}

	if(document.getElementById('$_FILES') != undefined)
		output = output + "curl_setopt($ch, CURLOPT_POSTFIELDS, $postData );<br>"; 

	if(document.getElementById('$_COOKIE') != undefined)
	{
		var cookie = getQuery('$_COOKIE');
		output = output + "curl_setopt($ch, CURLOPT_COOKIE, \"" + cookie + "\");<br>";
	}

	if(document.getElementById('$_SERVER') != undefined)
	{
		var elements = document.getElementById('$_SERVER').elements;
		for(var i=0;i<elements.length;i++)
		{
			if(elements[i].name == 'HTTP_USER_AGENT')
				output = output + "curl_setopt($ch, CURLOPT_USERAGENT, \""+elements[i].value+"\");<br>";
			else if(elements[i].name == 'HTTP_ACCEPT')
				output = output + "curl_setopt($ch, CURLOPT_HTTPHEADER, \"Accept: "+elements[i].value+"\");<br>";
			else if(elements[i].name == 'HTTP_ACCEPT_LANGUAGE')
				output = output + "curl_setopt($ch, CURLOPT_HTTPHEADER, \"Accept-Language: "+elements[i].value+"\");<br>";
			else if(elements[i].name == 'HTTP_ACCEPT_ENCODING')
				output = output + "curl_setopt($ch, CURLOPT_ENCODING, \""+elements[i].value+"\");<br>";
			else if(elements[i].name == 'HTTP_ACCEPT_CHARSET')
				output = output + "curl_setopt($ch, CURLOPT_HTTPHEADER, \"Accept-Charset: "+elements[i].value+"\");<br>";
			else if(elements[i].name == 'HTTP_KEEP_ALIVE')
				output = output + "curl_setopt($ch, CURLOPT_HTTPHEADER, array(\"Connection: keep-alive\", \"Keep-Alive: "+elements[i].value+"\"));<br>";	
			else if(elements[i].name == 'HTTP_CONNECTION')
				output = output + "curl_setopt($ch, CURLOPT_HTTPHEADER, \"Connection: "+elements[i].value+"\");<br>";		
		}
	}

		
	if(exectime != "")
		output = output + "curl_setopt($ch, CURLOPT_TIMEOUT, " + exectime + ");<br>curl_setopt($ch, CURLOPT_LOW_SPEED_LIMIT, " + exectime + ");<br>curl_setopt($ch, CURLOPT_LOW_SPEED_TIME, " + exectime + ");<br>";
		
	if(cookiejar != "")
		output = output + "curl_setopt($ch, CURLOPT_COOKIEJAR, \"" + cookiejar + "\");<br>";

	if(ssl)
	{
		output = output + "curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);<br>";
		output = output + "curl_setopt($ch,	CURLOPT_SSL_VERIFYHOST, FALSE);<br>";
		output = output + "curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);<br>";
	}

	if(auth)
	{
		output = output + "curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC);<br>";
		output = output + "curl_setopt($ch, CURLOPT_USERPWD, \"$username:$password\");<br>";
	}

	output = output + "$buf = curl_exec ($ch);<br>curl_close($ch);<br>unset($ch);<br>";
	output = output + "<br>echo $buf;<br>";

	var exploitdiv = document.getElementById('exploitcode');
	exploitdiv.innerHTML = output;
	exploitdiv.style.display = "block";
	document.getElementById('exploitbuild').style.display = "none";
}

function setssl()
{
	var targetelement = document.getElementById('target');
	var newset;
	var oldset = targetelement.value;
	if(document.getElementById('ssl').checked)
	{
		oldset = oldset.replace(/https:/, "http:"); 
		newset = oldset.replace(/http:/, "https:"); 
	} else
	{
		newset = oldset.replace(/https/, "http"); 
	}
	targetelement.value = newset;
}